Notarise macOS binaries for `kubectl`, `minikube`, `kops` and `kind`

[upodroid]

What would you like to be added:

We are all familiar with this very annoying Gatekeeper warning when we download unsigned & unnotarized darwin binaries from the internet using a browser. Apple has forced notarising binaries since June 2019 from 10.15+ releases.

https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution
https://support.apple.com/en-gb/HT202491

Historically this required a macOS machine to be used at some point during the build process but this can now be done on any platform now.

I solved this problem for Knative and I can share my codesigning certificates and the scripts to make it possible. I think it will be a very fun QoL fix to talk about at Kubecon.

https://knative.dev/blog/releases/announcing-knative-v1-8-release/#breaking-or-notable
https://github.com/knative/func/releases/tag/knative-v1.8.0
knative/test-infra#3559

/sig cli
/sig release

[k8s-triage-robot]

The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Mark this issue or PR as fresh with /remove-lifecycle stale
• Mark this issue or PR as rotten with /lifecycle rotten
• Close this issue or PR with /close
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

[k8s-triage-robot]

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Mark this issue as fresh with /remove-lifecycle rotten
• Close this issue with /close
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle rotten

[jeremyrickard]

/remove-lifecycle rotten

[k8s-triage-robot]

The Kubernetes project currently lacks enough contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Mark this issue as fresh with /remove-lifecycle stale
• Close this issue with /close
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale